iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/kernel
History
Amy Griffis 9c937dcc71 [PATCH] log more info for directory entry change events 
When an audit event involves changes to a directory entry, include
a PATH record for the directory itself.  A few other notable changes:

    - fixed audit_inode_child() hooks in fsnotify_move()
    - removed unused flags arg from audit_inode()
    - added audit log routines for logging a portion of a string

Here's some sample output.

before patch:
type=SYSCALL msg=audit(1149821605.320:26): arch=40000003 syscall=39 success=yes exit=0 a0=bf8d3c7c a1=1ff a2=804e1b8 a3=bf8d3c7c items=1 ppid=739 pid=800 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 comm="mkdir" exe="/bin/mkdir" subj=root:system_r:unconfined_t:s0-s0:c0.c255
type=CWD msg=audit(1149821605.320:26):  cwd="/root"
type=PATH msg=audit(1149821605.320:26): item=0 name="foo" parent=164068 inode=164010 dev=03:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_t:s0

after patch:
type=SYSCALL msg=audit(1149822032.332:24): arch=40000003 syscall=39 success=yes exit=0 a0=bfdd9c7c a1=1ff a2=804e1b8 a3=bfdd9c7c items=2 ppid=714 pid=777 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 comm="mkdir" exe="/bin/mkdir" subj=root:system_r:unconfined_t:s0-s0:c0.c255
type=CWD msg=audit(1149822032.332:24):  cwd="/root"
type=PATH msg=audit(1149822032.332:24): item=0 name="/root" inode=164068 dev=03:00 mode=040750 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_dir_t:s0
type=PATH msg=audit(1149822032.332:24): item=1 name="foo" inode=164010 dev=03:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_t:s0

Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2006-06-20 05:25:28 -04:00
..
irq
[PATCH] request_irq(): remove warnings from irq probing
2006-04-28 08:33:46 -07:00
power
[PATCH] off-by-1 in kernel/power/main.c
2006-04-28 08:33:46 -07:00
.gitignore
gitignore: ignore more generated files
2006-01-03 11:35:26 +01:00
acct.c
[PATCH] Fix pacct bug in multithreading case.
2006-03-31 12:18:54 -08:00
audit.c
[PATCH] log more info for directory entry change events
2006-06-20 05:25:28 -04:00
audit.h
[PATCH] log more info for directory entry change events
2006-06-20 05:25:28 -04:00
auditfilter.c
[PATCH] log more info for directory entry change events
2006-06-20 05:25:28 -04:00
auditsc.c
[PATCH] log more info for directory entry change events
2006-06-20 05:25:28 -04:00
capability.c
[PATCH] refactor capable() to one implementation, add __capable() helper
2006-03-25 08:22:56 -08:00
compat.c
[PATCH] lightweight robust futexes: compat
2006-03-27 08:44:49 -08:00
configs.c
update the email address of Randy Dunlap
2006-01-03 13:37:51 +01:00
cpu.c
[PATCH] Notifier chain update: API changes
2006-03-27 08:44:50 -08:00
cpuset.c
[PATCH] cpuset: might_sleep_if check in cpuset_zones_allowed
2006-05-21 12:59:18 -07:00
dma.c
Linux-2.6.12-rc2
2005-04-16 15:20:36 -07:00
exec_domain.c
[PATCH] Fix module refcount leak in __set_personality()
2006-03-24 07:33:30 -08:00
exit.c
[PATCH] run_posix_cpu_timers: remove a bogus BUG_ON()
2006-06-17 10:52:13 -07:00
extable.c
[PATCH] symbol_put_addr() locks kernel
2006-05-15 11:20:55 -07:00
fork.c
[PATCH] move call of audit_free() into do_exit()
2006-05-01 06:06:13 -04:00
futex_compat.c
[PATCH] futex: check and validate timevals
2006-03-31 12:18:59 -08:00
futex.c
[PATCH] futex: check and validate timevals
2006-03-31 12:18:59 -08:00
hrtimer.c
[PATCH] hrtimer: export symbols
2006-05-31 16:27:11 -07:00
intermodule.c
[PATCH] missing license tag in intermodule
2006-02-05 11:06:52 -08:00
itimer.c
[PATCH] hrtimers: remove data field
2006-03-26 08:57:03 -08:00
kallsyms.c
[PATCH] fix missing includes
2005-10-30 17:37:32 -08:00
Kconfig.hz
[PATCH] i386: Selectable Frequency of the Timer Interrupt
2005-06-23 09:45:10 -07:00
Kconfig.preempt
[PATCH] sched: voluntary kernel preemption
2005-06-25 16:24:45 -07:00
kexec.c
[PATCH] move capable() to capability.h
2006-01-11 18:42:13 -08:00
kfifo.c
[PATCH] gfp flags annotations - part 1
2005-10-08 15:00:57 -07:00
kmod.c
[PATCH] wait_for_helper: trivial style cleanup
2006-03-28 18:36:41 -08:00
kprobes.c
[PATCH] kprobes: NULL out non-relevant fields in struct kretprobe
2006-04-20 07:54:03 -07:00
ksysfs.c
[PATCH] fix build error if CONFIG_SYSFS=n
2006-03-24 07:33:31 -08:00
kthread.c
[PATCH] find_task_by_pid() needs tasklist_lock
2006-03-25 08:22:57 -08:00
Makefile
[PATCH] lightweight robust futexes: compat
2006-03-27 08:44:49 -08:00
module.c
[PATCH] symbol_put_addr() locks kernel
2006-05-15 11:20:55 -07:00
mutex-debug.c
[PATCH] fix/simplify mutex debugging code
2006-01-11 08:14:16 -08:00
mutex-debug.h
[PATCH] mutex subsystem, debugging code
2006-01-09 15:59:20 -08:00
mutex.c
[PATCH] mutex: trivial whitespace cleanups
2006-01-10 14:27:59 -08:00
mutex.h
[PATCH] mutex subsystem, core
2006-01-09 15:59:19 -08:00
panic.c
[PATCH] the scheduled unexport of panic_timeout
2006-04-11 06:18:40 -07:00
params.c
[PATCH] Change dash2underscore() return value to char
2006-03-28 09:16:03 -08:00
pid.c
[PATCH] pidhash: Refactor the pid hash table
2006-03-31 12:19:00 -08:00
posix-cpu-timers.c
[PATCH] arm_timer: remove a racy and obsolete PF_EXITING check
2006-06-17 10:52:13 -07:00
posix-timers.c
[PATCH] hrtimers: remove data field
2006-03-26 08:57:03 -08:00
printk.c
BUG_ON() Conversion in kernel/printk.c
2006-04-01 01:21:17 +02:00
profile.c
[PATCH] Remove __devinit and __cpuinit from notifier_call definitions
2006-04-26 08:30:03 -07:00
ptrace.c
ptrace_attach: fix possible deadlock schenario with irqs
2006-05-11 11:08:49 -07:00
rcupdate.c
[PATCH] RCU: introduce rcu_needs_cpu() interface
2006-05-15 11:20:55 -07:00
rcutorture.c
[PATCH] for_each_possible_cpu: fixes for generic part
2006-03-28 09:16:05 -08:00
relay.c
[PATCH] relay: consolidate sendfile() and read() code
2006-03-23 19:58:45 +01:00
resource.c
[PATCH] kernel/resource.c: __check_region(): remove pointless __deprecated
2006-01-10 08:02:02 -08:00
sched.c
Revert "[PATCH] sched: fix interactive task starvation"
2006-05-21 18:54:09 -07:00
seccomp.c
Linux-2.6.12-rc2
2005-04-16 15:20:36 -07:00
signal.c
[PATCH] collect sid of those who send signals to auditd
2006-06-20 05:25:21 -04:00
softirq.c
[PATCH] Remove __devinit and __cpuinit from notifier_call definitions
2006-04-26 08:30:03 -07:00
softlockup.c
[PATCH] Remove __devinit and __cpuinit from notifier_call definitions
2006-04-26 08:30:03 -07:00
spinlock.c
[PATCH] BUILD_LOCK_OPS: cleanup preempt_disable() usage
2006-03-23 07:38:16 -08:00
stop_machine.c
[PATCH] Remove set_fs() in stop_machine()
2006-01-10 08:01:25 -08:00
sys_ni.c
[PATCH] frv: define MMU mode specific syscalls as 'cond_syscall' and clean up unneeded macros
2006-04-11 06:18:33 -07:00
sys.c
[PATCH] Make setsid() more robust
2006-03-31 12:18:59 -08:00
sysctl.c
[PATCH] inotify (1/5): split kernel API from userspace support
2006-06-20 05:25:17 -04:00
time.c
Fix comments: s/granuality/granularity/
2006-04-01 01:41:22 +02:00
timer.c
[PATCH] Fix a NO_IDLE_HZ timer bug
2006-05-21 12:59:21 -07:00
uid16.c
[PATCH] Add more prevent_tail_call()
2006-04-19 16:27:18 -07:00
user.c
[PATCH] inotify (1/5): split kernel API from userspace support
2006-06-20 05:25:17 -04:00
wait.c
Linux-2.6.12-rc2
2005-04-16 15:20:36 -07:00
workqueue.c
[PATCH] Remove __devinit and __cpuinit from notifier_call definitions
2006-04-26 08:30:03 -07:00